Applicant Privacy Policy V1.0

This privacy policy explains how Criminal Records Services Limited (hereinafter “we,” “us,” or “our”) collects, uses, and shares personal information of individuals (“you” or “candidates”) in connection with background screening services we provide to our clients. We are committed to protecting your privacy and ensuring compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We understand that providing personal and sensitive data is an act of trust and we treat your information with respect and integrity. This privacy policy will inform you as to how we look after your personal data when you visit our websites and systems regardless of where you visit them from.

1. Who We Are

Criminal Records Services Limited (CRS)
(DBSChecks.com is a trading name of CRS)
Suite 2, Leigh Wharf,
Canal Street, Leigh,
WN7 4DB

We are a background screening company that provides services to clients who need to verify information about individuals as part of their recruitment, employment, or other business processes. In most cases we act as a data processor on behalf of our clients, who are the data controllers. This means that our client acts as the data controller of your personal data, determining the purposes for which your data is processed. In this common scenario, we only process your personal data on the instructions of our controller clients.

2. Information We Collect

We collect various types of personal information for background screening purposes, depending on the specific services requested by our clients and the requirements of UK law. This information may include:

• Identification Information: Full name, date of birth, address, previous addresses, National Insurance number, driver’s license number, passport details, and other government-issued identification.
• Contact Information: Phone number, email address, and other contact details.
• Criminal Records: Information about criminal convictions, arrests, charges, and other legal proceedings, as permitted by UK law, including the Rehabilitation of Offenders Act 1974.
• Other Information: Any other information relevant to the specific background check requested by our client and permitted by UK law.

3. How We Collect Information

We collect personal information from various sources, including:

• From You: Directly from you through application forms, online portals, questionnaires, and other documents you provide.
• From Third-Party Sources:
  • Public records (e.g., court records, criminal records databases, DVLA records).
  • Credit reference agencies.
  • Educational institutions.
  • Previous employers.
  • Professional licensing bodies.
  • Reference providers.
  • The Disclosure and Barring Service (DBS).
• With Your Consent: We will obtain your explicit consent when required by UK law before collecting information from certain sources or conducting specific types of checks, such as criminal record checks.

4. How We Use Your Information

We use the collected information for the following purposes:

• To Provide Background Screening Services: To conduct background checks on behalf of our clients in the UK, as per their instructions and in accordance with UK law.
• To Verify Information: To verify the accuracy of the information you provide and to obtain additional information from third-party sources.
• To Prepare Reports: To compile and provide background screening reports to our clients.
• To Comply with Legal Obligations: To comply with applicable UK laws, regulations, and legal processes, including those related to employment screening and data protection.
• To Maintain Records: To maintain accurate records of the background checks conducted.
• To Resolve Disputes: To address and resolve any disputes or complaints related to the background screening process.

5. How We Share Your Information

We may share your personal information with the following entities:

• Our Clients: We share the results of the background checks with the clients in the UK who requested them, subject to contractual agreements and legal restrictions.
• Third-Party Service Providers: We may share information with third-party service providers who assist us in conducting background checks (e.g., data providers, court researchers). We ensure these providers comply with UK data protection laws and our contractual obligations.
• Legal and Regulatory Authorities: We may disclose information to government agencies, law enforcement, or other legal bodies in the UK when required by law or to protect our legal rights.
• Disclosure and Barring Service (DBS), Disclosure Scotland (DS) & Access NI: We may share information with these organisations as required for certain types of background checks, in accordance with DBS regulations.

6. Data Security

We implement appropriate technical and organisational measures to protect your personal information from unauthorized access, use, disclosure, alteration, or destruction. These measures include:

• Secure data storage and encryption, including encryption of data in transit and at rest.
• Access controls and authentication procedures, including multi-factor authentication where appropriate.
• Regular security assessments and audits, including penetration testing and vulnerability scanning.
• Employee training on UK data protection laws and best practices.
• Compliance with industry security standards, including ISO 27001.
• Data minimization and pseudonymization where appropriate.

7. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, to comply with our legal obligations under UK law, and as instructed by our clients, subject to applicable laws. Retention periods may vary depending on the type of information, the client’s requirements, and legal obligations. We have a data retention policy that outlines specific retention periods for different types of data.

8. International Data Transfers

By carrying out a UK DBS Basic check no information is sent outside the UK unless this is requested by the Applicant. As a background screening company, we may transfer your personal information to countries outside the UK and the European Economic Area (EEA) where our clients or service providers are located. We will ensure that such transfers comply with applicable data protection laws, including the UK GDPR, and that appropriate safeguards are in place to protect your information. These safeguards may include:

• Standard contractual clauses approved by the Information Commissioner’s Office (ICO).
• Reliance on an adequacy decision from the UK government.
• Other legally recognised transfer mechanisms, such as Binding Corporate Rules (BCRs).
• Ensuring that the recipient country provides an equivalent level of data protection to the UK.

9. Your Rights

Under the UK GDPR and the Data Protection Act 2018, you have several rights regarding your personal information, including:

• Right to Access: You have the right to request a copy of the personal information we hold about you.
• Right to Rectification: You have the right to request that we correct any inaccurate or incomplete information.
• Right to Erasure: You have the right to request that we delete your information in certain circumstances.
• Right to Restriction of Processing: You have the right to request that we limit the processing of your information.
• Right to Object: You have the right to object to the processing of your information in certain circumstances, including for direct marketing.
• Right to Data Portability: You have the right to receive your information in a structured, machine-readable format and to transmit it to another entity.
• Right to Withdraw Consent: If we process your information based on your consent, you have the right to withdraw that consent at any time.
• Right to Complain: You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe we have violated your data protection rights.

To exercise your rights, please contact us using the contact details provided below. We will respond to your request within the timeframes specified by the UK GDPR.

10. Contact Us

If you have any questions, concerns, or requests regarding this privacy policy or our data processing practices, please contact us at:

Criminal Records Services Limited
Suite 2, Leigh Wharf,
Canal Street, Leigh,
WN7 4DB

enquires@criminalrecordsservices.com

+44 1942 609 365

11. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or UK legal requirements. We will notify you of any material changes by posting the updated policy on our website or through other appropriate communication channels.

Last Updated: 31/07/2025